1 / 12

Progress Update on Spreadsheet Use in Financial Sector: Insights from FSA 2005

In July 2005, I delivered a review of advancements since my 2003 keynote speech to Eusprig, focusing on spreadsheet usage concerns in the financial industry shared by the Financial Services Authority (FSA). Progress has been observed in areas such as IT strategy acknowledgment, user training, and increased awareness in audit reports. However, challenges persist, including the need for better practices and the burden of accreditation. This update highlights both the strides made and the ongoing difficulties in addressing the "M" problem and ensuring effective data management.

kami
Télécharger la présentation

Progress Update on Spreadsheet Use in Financial Sector: Insights from FSA 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Regulatory Update Dean Buckner UK Financial Services Authority July 2005

  2. Summary • In 2003 I made keynote speech to Eusprig • Highlighting areas where FSA concerned about spreadsheet use in financial industry • Today I shall review progress made in these areas • As always, there is good news and bad

  3. Issues in 2003 • Change of mindset (senior mgt, IT) • User training • No “good practice” • Accreditation • Audit awareness • Data standards • The “M” problem

  4. Management mindset • We would like firms to have an IT strategy on spreadsheets • More than just “aim to replace them”! • Some good news • IT directors increasingly admit need for strategy • One bank now explicitly recognise this (Case study I) • Sarbanes Oxley implications • Bad news • Hard to see “big picture”

  5. User training • Most problems the result of poor use of EUC solutions • Falls under “stupid practice” • (Case study II) • Good training the obvious solution • But no IT budget! • This would mean explicit acceptance of supposedly “tactical” solutions • Connects with IT strategy issue

  6. Good practice • Good news • EUC policy now becoming a standard (in banks at least) • Bad news • Policy tends to be very high level • Eusprig has no view on good practice • FSA’s position is that this is industry issue

  7. Accreditation • No good news • Accreditation seen as burdensome and risky • And difficult (implies generally accepted view on good practice, for a start)

  8. Audit • Very good news • We are seeing more mention of spreadsheets in audit reports • Doesn’t mean spreadsheet use increasing! • Does mean that auditors now recognise spreadsheets exist! • And EUC part of audit plan • Thanks to Eusprig • Impact of Sarbanes Oxley?

  9. Data • Data processing is the biggest problem • Mostly done on spreadsheets, via ad-hoc and “hacky” downloads • Increasing use of ACCESS in bad ways • No “vested interest” in good data (even in Eusprig community) • Basel has helped a bit • Concept of “data ownership” • Sarbanes-Oxley may help

  10. “M” problem • Some good news • Dialogue opened up with banks and FSA • Apparent willingness • But obvious difficulties • Which problems are “M” specific? • Or is it just bad use of a good tool? • Some issues: code fragmentation, poor help, poor data transfer (try moving UK date formats from ACCESS to EXCEL), 256 column problem, ACCESS security &c &c

  11. Sarbanes Oxley • Requires firms to demonstrate that controls around financial reporting are adequate • Requires auditor to • Assess effectiveness of management assessment of internal controls • Assess effectiveness of internal controls • Requirement to demonstrate EUC controls is particularly onerous (because they are usually not documented)

  12. Questions & Comments

More Related